8
CVEs
1
Critical
6
High
0
KEV
0
PoC
6
Unpatched C/H
12.5%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
6
MEDIUM
0
LOW
1
Monthly CVE Trend
Affected Products (30)
Cloud Foundation
17
Telco Cloud Platform
11
Telco Cloud Infrastructure
10
Aria Operations
5
Aria Operations For Logs
4
Windows
4
ESXi
3
Linux Kernel
3
Vmware Nsx
3
Workstation
2
Ubuntu
2
Fastconnect 7800 Firmware
1
Cloud Foundation Operations
1
Fusion
1
Fastconnect 6900 Firmware
1
Qam8650p Firmware
1
Fastconnect 6800 Firmware
1
Aria Automation
1
Qam8295p Firmware
1
Fastconnect 6700 Firmware
1
Qam8255p Firmware
1
Qam8620p Firmware
1
Open Vm Tools
1
Qam8775p Firmware
1
Qamsrv1h Firmware
1
Qamsrv1m Firmware
1
Qca6174a Firmware
1
Qca6310 Firmware
1
Qca6335 Firmware
1
Fastconnect 6200 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20794 | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an | CRITICAL | 9.3 | 0.0% | 47 |
No patch
|
| CVE-2025-62623 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-62624 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20751 | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-20879 | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-41702 | Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2025-62627 | An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-22717 | Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. [CVSS 2.7 LOW] | LOW | 2.7 | 0.0% | 14 |
No patch
|